Every day I experience life in the world of healthcare IT, supporting 3000 doctors, 18000 faculty, and 3 million patients. In this blog I record my experiences with infrastructure, applications, policies, management, and governance as well as muse on such topics such as reducing our carbon footprint, standardizing data in healthcare, and living life to its fullest.

Wednesday, August 31, 2011

On September 28 2011, the HIT Standards Committee (HITSC) will officially deliver to ONC its 6 months of hard work from Standards Summer Camp. HITSC subcommittees and workgroups have met every other day since April to prepare the standards recommendations needed to support Meaningful Use Stage 2 rule making.

The S&I Framework teams have been working in parallel on important issues - Certificates, Provider Directories, Lab Result Reporting, and Transfer of Care Summaries.

Here's how it all fits together.

Certificate Recommendations - HITSC recommended specific implementation guidance for X.509 certificates. The S&I Framework teams developed a strategy for certificate authorities to issue trusted credentials that will eventually be cross-certified with the Federal Bridge Certificate Authority (FBCA), enabling exchange with Federal agencies.

Metadata recommendations - HITSC recommended CDA R2 headers for patient, provenance, and security metadata. These were included in the Advanced Notice of Proposed Rulemaking. HIEs should use these standards as metadata envelopes for content payloads that are sent between different organizations.

Provider Directory recommendations - HITSC considered LDAP but noted that federated LDAP directories and internet-based LDAP queries between organizations have not yet been widely deployed. HITSC also considered microdata and web search engine retrieval of structured directory data. The S&I Framework teams concluded that pilots of federated LDAP queries and microdata are a reasonable next step, because no provider directory standard is mature. Additionally the S&I Framework teams recommended DNS for certificate distribution with the addition of LDAP if an organization's implementation of DNS does not support certificate discovery.

Vocabulary recommendations - HITSC recommended a parsimonious set of standards for vocabularies supporting quality measures including SNOMED-CT for problems, LOINC for labs, and RxNorm for medications. The September HITSC meeting will include a transition plan for those vocabulary standards required for Stage 1 that are being retired/replaced in Stage 2.

Patient Matching recommendations - HITSC recommended a set of best practices that will guide implementors who want to match patients using demographic data elements with appropriate specificity and sensitivity.

ePrescribing of Discharged Medications recommendations - HITSC recommended NCPDP and HL7 standards that are widely implemented and compliant with Medicare Part D requirements.

NwHIN recommendations - At September's meeting, HITSC will recommend one set of building blocks to support Nationwide Health Information Network Exchange transactions (pull/push) and Direct transactions (push).

Lab Results recommendations - The S&I Framework teams recommended an HL7 2.51 transaction that is very similar to the public health implementation guides already approved by HITSC. It also includes vocabularies and code sets that constrain the optionality of the transaction. The Implementation Guide is broadly supported by ELINCS developers, commercial labs, and numerous informatics experts. It will be balloted by HL7 in the next few weeks and then piloted before any regulations are written.

Transitions of Care recommendations - The S&I Framework teams recommended a transfer of care summary that is a natural stepwise evolution of the work we've done for the past 10 years - CDA --> CCD --> C32 --> transfer of care CDA templates. These CDA templates are easier to implement than C32 and more flexible, Given that CCR is a declining standard (little new work is being done on it), CDA templates are a reasonable next step. The HITSC will be asked to comment on the trajectory of this work and will evaluate the results of pilot testing.

At the September meeting of the HITSC, we'll review all the work we've done as well as the S&I Framework efforts on Certificates, Provider Directories, Reportable Lab and Transfers of Care.

What evaluation criteria should we use? In the words of Doug Fridsma, who oversees the ONC Office of Standards and Interoperability

"While it might not be perfect, does it represent the best we have so far?
Does it point us in the right direction?
Is it the next step in an incremental approach to refining the standards and implementation guides?
Does it support our policy objectives?
Can we update it as needed through the SDO community?

All standards, even those that have wide-spread uptake, require constant updating and refinement. Vocabularies, terminologies, and other existing standards will require piloting to make sure that we maintain relevance.

We can't let the perfect be the enemy of good. Standards will require continued support and community refinement. If we can generally answer 'yes' to the questions above, then we need to continue to push forward toward the goals of interoperable health exchange."

I look forward to the September meeting and the delivery of all the great work done by the HITSC and S&I framework teams, bringing closure to this phase of Stage 2 preparation activities.

Let's consider the application of Steve's principles to Healthcare Information Exchange in Massachusetts.

1. Board of Directors - Governance in general is very important to healthcare information exchange. HIEs need a multi-stakeholder governance body to set priorities, monitor progress, and ensure all stakeholders are engaged. In the past few months, state government and the private sector experts have worked together to define roles and responsibilities. The State's HIE coordinator, Rick Shoup, and I presented this consensus plan to the state's HIT Council, the decision making body established by state regulation Chapter 305. Governance will be done by the HIT Council plus an HIT HIE Advisory Group consisting of payers, providers, employers, patients, academics, and government. This "Board of Directors" of the Massachusetts HIE activities is top notch.

2. Focus on Relevance - HIEs can do many things. They can push data among payers, providers, patients, and public health. They can create master patient indexes, record locator services, and registries. However, what will the market pay for today? At the moment, simple secure transport that connects every stakeholder with easy to use web applications and native EHR interfaces seems to be the answer. Rather than do everything simultaneously, we need to tightly focus on just secure routing, making 2012 the year of the state "information highway".

3. Invest in Core Assets - Massachusetts already has production HIEs that serve the business needs of several customers. We have NEHEN, CHAPS, SafeHealth, North Adams HIE, and the MAeHC Quality Data Center. Rather than reinvent these, we need to focus on the gaps, creating a state backbone that will connect every stakeholder, establishing a network of networks that leverages existing investments.

4. Meaningful Partnerships - The State Medicaid Health Plan includes 14 projects that cover over 90% of the providers in Massachustets. Since Medicaid is eligible for 90/10 matching funds (90% Federal/10% State), it makes great sense to do as much as we can via Medicaid. Multiplying our purchasing power by 10 is a meaningful partnership!

5. New Products - Once connectivity from every stakeholder to every stakeholder is in place, we can create novel functionality such as clinical registries and the ability to query data to support the "unconscious in the emergency department" use case.

Thus, if 2011 was the year of governance, 2012 will be the year of connectivity, 2013 the year of registries, and 2014 the year of queries.

Monday, August 29, 2011

For the past 2 years, I've operated a weather station which provides realtime data for Wellesley, Massachusetts to the National Weather Service, the Citizens Weather Observation Program, and Weather Underground.

If you search Google for Weather Wellesley, you'll get my data.

For graphs of the temperature, barometric pressure, wind speed, wind direction, and rainfall rate during Irene, here's a summary from Weather Underground.

To prepare for the storm, I took down flags, removed hanging bird houses, and stored every object that could become a projectile in the wind.

Interestingly, we never had sustained winds more than 10 mph. Our peak gust was 17 mph. Likely, the impact of the storm on my location was much less than the surrounding neighborhood because of the grove of old hemlocks nearby that serves as a windbreak.

At the height of rain intensity, a tree down the street collapsed. due to the weight of water on its leaf canopy, and fell through power lines. The Department of Water and Power cut power to the neighborhood to do the repair.

Water began rising in my basement drains and as designed, the battery backup sump pump worked perfectly, pumping the basement dry despite the loss of power.

Installing a battery backup sump pump makes great sense - the likelihood is that in the worst storms, you'll also lose power, so having an AC powered sump pump will not help you (unless you engineer a complete alternative power solution for your home)

If my neighborhood was typical, the storm did have a profound impact. Down the street, a tree fell into two cars. My father in law lost a portion of his entry roof. Downed limbs have impacted traffic flows throughout the area.

However, our engineered systems for power backup and water control plus our preparation for the storm made our experience of Irene, our first hurricane, uneventful.

Although I've argued with the FDA that SMS messages sent to clinician cell phones should be enough for 2 factor authentication, their response has been that doctors cannot use Blackberry's, they must use Barackberry's - fully encrypted highly secure devices when writing e-prescriptions.

Bio-key's approach to two factor authentication on iPhones and iPads will enable a new level of functionality and productivity for clinicians who want to use these consumer platforms for healthcare applications. Today, over 1000 physicians at BIDMC use iPads and they are becoming the mobile device of choice for clinicians.

A cloud-based biometric authentication system for iPhones and iPads. That's cool!

Thursday, August 25, 2011

In one week, we drop off our daughter to Tufts University so she can began the next era of her life as a college woman.

All of us have been preparing.

High School is a time of many emotions - high highs and low lows. It's about discovering independence, making choices, accepting responsibility, developing relationships, and balancing parental authority with the desire for autonomy.

More is expected of today's teens than in my generation. It's very stressful on a young person.

In one week, she'll make decisions on her own. She'll decide what to eat (and drink), when to study, and who to spend her time with.

Over the past few weeks, she's thought about her transition in a very spiritual way.

I did not approach my college transition formally. I packed my clothes and typewriter the night before and we drove from Los Angeles to Stanford for the drop off. That was 31 years ago this week.

She realizes that she has to prepare for this new era while bringing closure to her childhood growing up in Wellesley, Massachusetts.

She has thought about all her Wellesley relationships. She's scheduled events with every one of her friends to create positive memories and energy before they go their separate ways. She's arranged hikes, picnics, movies, meals, and sleepovers.

She's taken private walks to her favorite places in Wellesley. She's also made a conscious decision not to visit many of the places she treasured when very young so that she can remember them as they were from a child's point of view.

Yes, she'll stay in touch with friends on Facebook, but that will fade as she develops new relationships, new interests, and new goals. The closure she's bringing now will leave lasting memories among all her friends, creating a sense of optimism and energy for the future ahead.

My wife and I know that next Wednesday will be hard. We'll bring our daughter's carefully packed belongings (4 small bins that will fit perfectly in a cozy dorm room) to her new living space, set up her IT infrastructure (the home CIO at your service), and attend a formal matriculation ceremony. My wife and I will give her the space she needs to bond with her new colleagues and we'll retreat to a quiet vegan cafe to reflect on the next era in our lives.

We've already planned a few short trips together. My wife will join me for keynote addresses in Burlington Vermont, Phoenix Arizona, and London England. We've already planned a family get together on Mt. Monadnock over Columbus Day weekend. We've thought about the next few months and years as we've considered the implications of staying close to our daughter, our parents, and our jobs.

The end result is a solid plan that will launch all of us into the next stage of life. For my daughter, it's adulthood. For my wife and I, it's a refocus on each other, the world around us, and our careers. The past 18 years with our daughter have been a gift, but the next era will be positive for all of us too. Our evolution begins next Wednesday.

Workflows
a. Files with a high turnover rate (scratch space) that are created and destroyed daily. No snapshot or archival tier is needed
b. Files with a low turnover rate that do not need replication because the data is easy to regenerate. Snapshots are needed to protect the data against drive failure.
c. Files with a low turnover rate that need to be retained for years due to compliance requirements and the difficulty of regenerating the data. An archival tier is needed. (i.e. arrays of inexpensive 2 Terabyte drives)

The researcher sees a visual representation of her storage use in each directory and workflow, both currently and monthly over the past year. Data on primary storage, snapshots used to protect the data, and archival copies of the data are shown separately.

The researcher oversees several post docs. By clicking on a link, the researcher can see the storage use of all those she supervises.

Each directory type has a fixed three year cost per terabyte. Workflows with snapshots or archives have an incremental cost. These costs are well known and accepted by all the users.

The researcher can set their own quotas for directory types and workflows. A calculation of cost for current storage and total quota is shown. The researcher can type in a grant number or departmental account number to reserve the directory types and workflows they need.

The departmental administrator oversees many researchers. She can view the storage use of all her faculty with historical, current, and projected costs shown on screen.

She can discover who is likely to exceed their budget and who is responsible for the largest amount of storage growth over time.

An IT storage concierge is assigned to each department to help researchers and administrators move data among directory types and workflows to balance performance and cost. There is complete transparency between the demand created by the users and the supply provided by the IT department.

The Dean knows the total costs charged to departments, the IT department, and the school (as overhead components in indirect costs).

The CIO and the infrastructure team receive daily summary reports which forecast growth so that additional storage can be added as necessary, ensuring that each directory type and workflow always has 20% unused capacity. Storage vendors can ship nodes to expand each directory type and workflow within 1 week of receiving a PO, so storage can be expanded just in time without risking over or under provisioning.

The chargeback model is NIH compliant and motivates researchers to maintain files via the easy to use move/deletion tools in the web interface.

The research community, school administration, and IT are deliriously happy. Storage challenges are a solved problem. The governance committees have turned their attention to cool applications that advance science instead of infrastructure limitations that impede it.

We're assembling industry experts to work on this dream. My hope that is that I can report back in 2012 that the dream is now the Harvard Medical School reality.

Generation 1 - the 2008 Air with a sluggish 1.8" hard drive or an equally slow but expensive Toshiba SSD drive with 50 MB/s reads and 14MB/s writes. It had a real world battery life of 2.5 hours.

Generation 1.5 - the 2009 Air that replaced the Intel GMA X3100 integrated Graphics Processing Unit with a Nvidia GeForce 9400M to support a 1280x800 pixel display. The Toshiba SSD drive was replaced with a slightly faster Samsung 128 SSD.

Generation 2 - the 2010 Air that was SSD-only (Samsung 128C). SSD performance improved beyond that of magnetic spinning hard disk drives. A new Nvidia GeForce 320M GPU enhanced graphics performance and the Air's screen resolution was increased to 1440x900 pixels. The CPU was slower than in the previous models, but in practice it often performed better, because, unlike the old Airs, the newer ones didn't have to throttle down the CPU speed to keep the system from overheating. Generation 2 included two USB ports, but peripherals were still limited by the maximum performance of the 480Mbps USB connections. In addition, Apple introduced an 11.6" model.

Generation 3 - the 2011 Air is based on the latest Intel Sandy Bridge Core i5 and i7 CPUs, which include hardware support for AES encryption and a Graphics Processing Unit on the CPU silicon. The Mini DisplayPort connector which supported external displays in previous generations was transformed into a Thunderbolt port, which drives external displays and provides I/O at 10 Gig/s.

I purchased my Macbook Air at the end of 2009, so I have a Generation 1.5 - a 2.13 Ghz Core 2 duo with 2G of RAM and a Samsung 128 SSD.

I installed Lion and fully encrypted the filesystem with Filevault2.

In practice Generation 1.5 does not have the CPU power and I/O necessary to sustain Filevault2 and application performance for I/O intensive operations such as Mail 5.0.

Here's a study of the I/O degradation caused by Filevault2 on the Generation 2 Air - a 44% decrease. Generation 2 lacks the hardware AES encryption support (used by Filevault2) of Generation 3.

Generation 1.5 is even worse.

The end result is that Mail 5.0 on my Macbook Air could not process the typical 1500+ emails I receive each day and encrypt/decrypt the filesystem simultaneously. Deleted emails reappeared. Emails that I moved between folders unmoved. Only a reboot brought my Inbox up to date.

The solution - I reinstalled Lion without encryption and now Mail 5.0 works well, but running I/O intensive applications simultaneously like Skype 5.3 and Mail 5.0 is still problematic.

I do not store protected health information (or even personally identified information) on my laptop, so encryption is optional.

The Generation 3 Macbook Air with its I5 or I7, hardware AES support, and faster SSD drive is absolutely good enough for Lion, encryption, and I/O intensive applications. However, the Generation 1.5 is not. Running Lion and one application at a time is about all it can support.

Moore's law is alive and well at Apple, with doubling of CPU capabilities every 18 months. You should upgrade to Lion warily if you are running anything but the latest Air.

Monday, August 22, 2011

I recently posted a blog entry, Healthcare is Different, examining the ways that healthcare differs from other businesses.

Numerous folks sent me email agreeing and disagreeing with my points.

Here's a compilation of some additional ways that my readers suggested healthcare is different.

*Domain Expertise - the vocabulary, science, and physical skills necessary to practice medicine are very complex compared to most other professions. For example to become a neurosurgeon requires kindergarten-high school, 4 years of college, 4 years of medical school, 7 years of residency, and generally a 2 year fellowship. That's 30 years of education.

*No second chance - In retail, if a good is defective it can be exchanged. In service businesses, there is the concept of a redo, a repair, or renovation. The concept of "returned goods" does not existing healthcare.

*Trainees. There's probably no industry that is so inundated with "trainees" as health care; especially in an academic medical center. They add a level of inefficiency during the learning process that is required to produce the next generation of health care workers. In other industries, trainees come in small streams as you bring in co-ops, interns etc. They don't come by the hundreds in July of each year.

*Highly regulated and compartmentalized workforce. Healthcare has dozens of professionals whose practice is limited to certain privileges. This inhibits mobility and cross-coverage that could improve the efficiency of the workforce. If demand gets light in Cardiology, you can't easily move the clinicians to the Gastrointestinal suite.

*Reimbursement and payment process. There is a well defined commercial code for how payment occurs in most industries. In health care, each payer creates their own rules. In aggregate, these rules represent thousands of pages of policies and procedures that a health care provider must follow to be paid. For example, Medicare's claims processing manual is over 4,000 pages long and this doesn't include national and local coverage determinations, advisories, and other manuals devoted to specific types of Medicare sponsored activities. Add to this the claims processing rules for Medicaid and private health plans and you have an overwhelming regulatory and compliance challenge. A cynical person might suggest that payers and government agencies purposely create rules that no provider can possibly follow, then seek compliance penalties for the arcane rules they created. Providers are in a losing battle to keep up with rules that are in a constant state of flux.

These are all great observations.

My personal goal is to build software and workflow processes that make the complex seem easy, reducing the burden on providers so that they can focus on what's really important, the patient. That's why the work for a healthcare CIO will never be done.

Friday, August 19, 2011

It's been great for me but not everyone has a bike they can carry with them into the office.

Now, there's a new way to get around Boston - Hubway , funded in part by Beth Israel Deaconess Medical Center.

Using solar powered, cellular connected, high tech bicycle racks with well engineered nearly maintenance free bicycles, it's now possible to commute between 61 stations in the Boston area for a low annual membership or daily fee.

Thursday, August 18, 2011

Two weeks ago today, I was in Japan at Narita airport for my flight back to Boston. The check in and security lines were extremely long. Although I had 1.5 hours before my departure, it was clear that getting to the plane on time would be challenging.

I asked the customer service staff at All Nippon Airways (ANA) for their advice. Immediately, they assessed the situation and escorted me to a check in window for a boarding pass. (Note that I was flying the lowest cost economy possible, not business or first class). The check in person then left her post to escort me to the crew line in security and walked with me through the screening process. During X-ray scanning, the Japanese security staff noted I was carrying a handcrafted broom that violated their security guidelines because it could be used as a "nightstick" weapon. They paged an ANA baggage carrier who wrapped my broom and checked it on the spot. I arrived to my gate on time, but unfortunately my departure was delayed 45 minutes because ANA wanted to accommodate a late arriving plane with numerous connecting passengers.

During the flight to Los Angeles, ANA called ahead to my connecting flight on American Airlines to give me the best chance to make my tight connection.

When I arrived at LAX, ANA staff escorted me to Customs/Immigration and gave me a special "expedited" sticker to ensure I could bypass lines and delays. It worked flawlessly.

I walked out of the Tom Bradley International terminal and then walked to the American Airlines gates at Terminal 4. I might as well have walked into the 9th circle of Dante's Inferno.

Immediately, the American Airlines staff were hostile and uncaring. They told me I'd never make my flight and sent me to the back of a long customer service line. Shortly thereafter a single mother with 4 young children was sent to the same line and began crying in despair because she was going to miss her flight. A truly unpleasant American Airlines staffer told her "I know what you're going through and I cannot help you, just stand in line", as if a 25 year old male understood the challenge of being a single mother with 4 children. I escorted her to the front of the line explaining to everyone else that she and her children needed their help. We got her onto her flight to Shanghai. I missed my flight and was told by American Airlines that all Boston flights were so overbooked that I had no hope of getting a flight until the next day. They would offer me a $5.00 discount on a hotel room…

Let's see - in Japan, caring people walked me through the process to ensure success. In the US, I was hassled, ignored, impeded, and overbooked. My flight to Boston took 30 hours including an overnight stay at a motel near LAX.

There is truly something wrong with an industry that sets policies and hires people who are customer hostile. I will amend what I said in 2007. I will try as hard as possible to limit my travel to international carriers that want my business, while using teleconferencing instead of domestic travel. When I'm asked if my domestic travel experience met my expectation, my only response can be - it landed and I guess I'm thankful for that!

Wednesday, August 17, 2011

The August meeting of the HIT Standards Committee (the 28th meeting of this FACA) was a milestone in parsimony. As you'll see, we approved a set of vocabulary recommendations and public health standards that represent harmony as well the fewest number of standards possible for the intended purpose.

Since April, we've been working hard on Summer Camp. At our September meeting, we'll wrap up all that work and hand off the finished standards recommendations to ONC for regulation writing.

Per our Summer Camp plan, the August meeting included final recommendations on vocabulary standards for quality measures, final recommendations on all public health transactions, preliminary recommendations on patient matching, and preliminary recommendations on transport/security standards. We also heard from the Standards and Interoperability Framework team about their work and the Implementation Workgroup on their review of Certification Criteria.

This was a powerful meeting, discussing the standards that so many people have been working on for the past decade - one vocabulary standard for each class of data used in quality measures, one approach to public health transactions, one approach to transfer of care summaries, one approach to laboratory results, and a building block approach to data transmission that supports the portfolio of health information exchange options.

We began with the final recommendations from the Clinical Quality Workgroup and Vocabulary Task force on vocabulary standards. Per the marching orders we gave them, they selected one vocabulary standard for each domain - problems, medications, allergies, labs etc. SNOMED-CT and LOINC are the default vocabularies used whenever possible. The committee approved these recommendations by consensus with 2 caveats

-the Implementation Workgroup will be charged with ongoing review of the implementation burden of using these standards in a variety of settings
-the September meeting of the HIT Standards Committee will include discussion of a transition plan for those vocabulary standards required for Stage 1 that are being retired/replaced in Stage 2.

Marc Overhage presented best practices for patient matching, identifying the metadata that should be standardized in patient records and health information exchange. These recommendations are complementary to the metadata standard recommendations in the Advanced Notice of Proposed Rulemaking, enabling stakeholders to optimize a patient matching strategy as needed for their applications using best practices and evidence from industry experience.

Chris Chute presented the recommendations for public health standards - one HL7 2.51 implementation guide for surveillance, one HL7 2.51 implementation guide for immunizations and one HL7 2.51 implementation guide for reportable labs. The optionality specified in meaningful use stage 1 was eliminated and the end result is simple un-ambiguous implementation guides for public health.

Dixie Baker presented the preliminary recommendations for building blocks that support data exchange in both "push" and "pull" models. The key innovation in Dixie's work is the process for reviewing existing standards for appropriateness, adoption, maturity, and currency.

Jitin Asnaani from ONC presented the S&I Framework update including Certificates, Lab Results, Transitions of Care, and Provider Directories. These will be reviewed and hopefully turned into guidance for ONC in the next few months.

Tuesday, August 16, 2011

Today I'm at George Washington University's "The Role and Future of HIT in an Era of Health Care Transformation Symposium" serving as moderator of a panel discussing the barriers and enablers to health information exchange, including the impact of PCAST Work.

We began the day with an introduction from Dr. Alfred Hamilton, assistant professor, The George Washington University School of Public Health, and Dr. Ward S. Casscells, professor of medicine and public health, The University of Texas Health Science Center at Houston. Drs. Hamilton and Casscells organized the conference so that stakeholders and policymakers could discuss barriers and enablers to creating a connected, learning healthcare system.

Paul Egerman, retired CEO/software entrepreneur, educated the group about the PCAST report's main ideas - accelerating interoperability through the use of a universal exchange language (UEL) and a data element access service (DEAS). Reviews of the report thus far have raised policy and operational feasibility concerns, suggesting pilots and an incremental approach to implementing its ideas. The Office of the National Coordinator has released an Advanced Notice of Proposed Rulemaking containing the PCAST-related metadata recommendations from the HIT Standards Committee. As a next step, PCAST ideas will be tested using CDA R2 headers to identify the patient, the provenance of the data, and privacy flags, ideally in the PHR to EHR data exchanges described below.

Dr. Stephen Ondra, White House Office of Science and Technology Policy, presented an overview of the impact that interoperability and data sharing will have on healthcare systems, providers, healthcare purchasers and patient advocacy groups. He noted that HIT is not a goal in itself but is a critical foundation for health reform efforts. The Obama administration has recommended a portfolio of approaches rather than one size fits all health information exchange. Choices include query/response "pull" (Exchange type), directed "push" (Direct type) and consumer based viewing (Blue Button type).

Dr. Farzad Mostashari, national coordinator for health information technology, discussed how interoperability and data sharing support the stages of meaningful use. He identified the issues we've all been diligently working on - standards, governance, architecture, creating trust, and sustainability. He thanked the HIT Policy and HIT Standards Committee for their hard work- an average of a meeting every other day for the past 2 years. He noted that our policy drivers are quality, safety, efficiency, public health, and patient centeredness while protecting privacy and security. He emphasized the use cases with early wins - laboratory report exchange, e-prescribing, and patient summary sharing. He suggested the need for bold incrementalism - balancing innovation with the reality of implementation cost and timing. The recent debt ceiling negotiation illustrates that we cannot afford to pay for more healthcare quatity, instead we need to pay for quality and value. Healthcare IT is foundational to new reimbursement models and needs to be available for every stakeholder, large and small.

I had the opportunity moderate a panel discussion of policy and technology enablers and barriers to healthcare information exchange. Participants included

*Consumers can be effective stewards for their own summary data and care plans, but there needs to be standards-based, easy to use, automated interfaces between EHRs and PHRs before there will be significant adoption of PHRs. One easy way to do this is a certification criterion for every EHR and PHR to support the Direct specifications, enabling providers to send patient summaries to any PHR without requiring custom interfaces. PHRs need to be more than just passive containers for data. Ideally there will be an ecosystem of applications which enable patients to seek second opinions, obtain personalized educational materials, and enroll in clinical trials using their PHR data.

*Although HITECH incentives are great in the short term, the best way to foster healthcare IT adoption in the long term is to ensure it supports workflow, saving time and bringing value-added services to providers, payers, and patients. John Rother from AARP noted that online appointment making, referrals, and medication renewals have high value to patients. Such transactions are not typically offered by standalone commercial PHRs.

*The culture of healthcare needs to be changed so that providers and patients expect healthcare information exchange at every patient encounter. A culture change will create market demand for healthcare information exchange. Patient and provider trust in the data integrity and privacy of healthcare information exchange is a pre-requisite to culture change.

*Healthcare reform will create incentives for health information exchange, since payments for wellness will require community-wide care coordination and decision. support. The Patient Centered Medical Home is likely to become an electronic medical home that receives all data about patients from labs, pharmacies, hospitals, specialty practices, and home care devices.

*There needs to be innovation in care models, services, and technologies. Although the government can catalyze innovation, the private sector will need to fund ongoing efforts, since grants are only short term and are not a sustainable business model.

The audience was very engaged in the discussion and there will be a whitepaper summarizing the conference. A great meeting. Thanks to Drs. Hamilton and Casscells for organizing it!

Monday, August 15, 2011

Although many modern executives operate under such regulatory constraints that they have infinite responsibility but limited authority, a single person can create a corporate culture that impacts everyone's work experience.

What do I mean by creating the corporate culture?

While flying back from Japan, the in flight magazine on All Nippon Airways featured an article about Zappos' corporate culture noting that the CEO has created an environment which emphasizes fun, creativity and happiness in the workplace. Happy employees deliver great customer service without needing micromanagement or clandestine monitoring of every conversation.

When evaluating leaders we often think of characteristics such as vision, interpersonal skills, commitment to quality, staff engagement, financial acumen, ability to raise money, and domain expertise.

However, we rarely consider their impact on corporate culture. It can make a huge difference.

In my professional life, I've had two dozen bosses, each with a different style, approach, and culture.

Here's a few questions to ask about your culture

1. Do you arrive at the office every day thinking about the joy of success or the fear of failure? Are you supported such that a negative outcome is a learning experience that results in policy or process change to improve the organization rather than blaming the person who caused it?

2. Is communication open and transparent, or guarded and reserved?

3. Do managers share accountability and see their role as enabling your success, or are they pugilists who punish unmet goals by screaming louder?

4. Do you have clear expectations for the work you do and clear metrics for success?

5. Is loyalty and trust valued? Is hierarchy respected or is your authority undermined by senior executives who work around you? Would you trust your boss to hold your rope?

7. If someone impedes the work of others through passive aggressive behavior or scheming for their own self interest, is it tolerated?

8. Is everyone empowered to make a difference? Are policies and procedures clear so that they know how to make a difference?

9. Are all emails/communications asking for guidance answered promptly?

10. Do you feel positive energy about the possibilities ahead when you wake up each day or does each day end in a tailspin of emotional exhaustion?

Throughout my career I've worked in positive cultures and negative cultures. I do whatever I can to create a positive culture in the organizations I oversee. It's not always possible to create a positive culture within a larger organization that has a negative culture, but we should all try.

May you always work in a positive culture and if you do not, have the wisdom to seek a better place!

Friday, August 12, 2011

While in Japan last week, one of my lectures focused on emerging privacy and security issues. I highlighted the fact that increasingly sophisticated malware can breach every defense we put in place and that our best strategy is early detection when prevention fails.

Such an approach works well when the risk for damage is minimal. But what happens when the malware infects a medical device such as a smart pump or pacemaker? The risk of harm is far more dire than data integrity and includes physical harm up to an including death.

Hacks and malware aren't cool, so my cool technology of the week is a plea to the medical device industry - you need to engineer new devices with hardware level safeguards that impose sanity checks on the commands being given. Use encryption to protect all data transmissions and data at rest. Set limits on the minimum and maximum amounts of insulin that should ever be injected into the patient. Assume that hackers will penetrate and take control of the device.

Thursday, August 11, 2011

Monday, August 8 was my 27th wedding anniversary. My wife Kathy and I met at Stanford on September 1, 1980, so we've been together for 31 years. That means that we've spent two-thirds of our lives on this planet together. We've been collaborators, soul mates, homeowners, parents, and friends together. For three decades, our relationship has just worked. Here's why.

My entire life has been math/science/engineering - digital, white and black, linear, orderly, and left-brained.

Kathy's entire life has been the visual arts/humanities/creativity - analog, splashes of color, wabi sabi, Victorian clutter, and right-brained.

Our talents are entirely different, our approaches complementary, and we never compete on any level.

In our 20's we were vigorous hiking partners and built a home together.

In our 30's we focused on raising a young child.

In our 40's we created stability by planning for the future, caring for our parents, and preparing our child to leave the nest.

In our 60's and beyond we're likely to create a Japanese inspired wilderness retreat to serve as a home base between experiences around the world that are part of our work lives, volunteer lives, and personal lives.

We've evolved together and continue to expand and refine our relationship every day.

When I read literature from the scientific and lay press about the "seven year itch", it makes me realize that needs change, people change, and relationships need to change over time if they are going to last.

In your 20's you're likely at the peak of your physical life with more endurance, strength, and biological resilience than any other era. You can climb mountains and if you fall you bounce.

In your 40's, you're likely to be at the peak of your mental life with more experience, intellectual agility, and intuition than any other era. You can climb mountains, but if you fall you break. You're more likely focused on your 401k than your surfboard.

In your 60's you're likely to be at the peak of your financial life with more savings, more earning, and stability than any other area. If you've kept up your workouts and managed your diet, you can climb mountains, but if you fall, you shatter. You're more likely to be focused on supporting your children and aging parents, than thinking about a bleached blonde in a red convertible (unless you're a Congressman…)

If you and your partner are perfect for each other in your 20's, you may not be perfect in your 60's unless you adapt to your changing bodies, changing needs, and changing abilities together.

Kathy and I have been able to do that.

We've always treated each other as equals - there has never been a superior/subordinate aspects to our home lives, work lives, or family lives. Our division of labor is not cast in stone, it remains fluid based on the schedule and needs of each day. We share housework, we share parenting responsibilities, and we support each other's career.

Of course, we've had stress, anxiety, joy, sadness, and conflict along the way, that's life. But we've been able to weather the challenges, relish the successes, and treat each other fairly along the way.

This month we become empty nesters as our daughter begins her college life at Tufts on August 31. The house will seem quieter, the schedules will change, and our roles will need to evolve again as we focus more time on each other and our careers while our daughter becomes increasingly independent. It's another risky time for relationships.

But we'll navigate the transition, overcome the sense of loss, and plan our future together.

Given human life expectancy, we're likely to live another 31 years (I'm using Japan rather than US because our diet and lifestyle are distinctly Japanese). That means that Kathy and I are only halfway through our life together.

Happy Anniversary, Kathy. The second half of our time together will be even better than the first. I love you and always will.

Wednesday, August 10, 2011

I'm often asked why healthcare has been slow to automate its processes compared to other industries such as the airlines, shipping/logistics, or the financial services industry.

Many clinicians say that healthcare is different.

I'm going to be a bit controversial in this post and agree that healthcare has unique challenges that make it more difficult to automate than other industries.

Here's an inventory of the issues

1. Flow of funds - Hospitals and professionals are seldom paid by their customer. Payment usually comes from an intermediary such as the government or insurance payer. Thus, healthcare IT resources are focused on back office systems that facilitate communications between providers and payers rather than innovative retail workflows such as those found at the Apple Store.

2. Hiring and training the workforce - Important members of the workforce, the physicians delivering care, are seldom employed by the hospital. This is rare if not non-existent in any other industry. It's as if Toyota built a factory that anyone can use but does not hire or train the workers who build cars. If someone wanted to create a Toyota with wings and an outboard motor, they would have the freedom to do it.

3. Negotiating Price - Reimbursement no longer is based on a price schedule hospitals and professionals can control. It is based on a prospective payment model such as DRGs that someone else designs and dictates. Where else in the US do prices get dictated to a firm?

4. Establishing referral relationships - We cannot market services to those who control our patient flow due to Stark anti-kickback regulations. In other industries, you can build relationships, offer special incentives, and arrange mutually beneficial deals to develop your referral business. In health care, it's illegal even when unilaterally funding an action would make things easier for both parties and the patient.

5. Standardizing the product - In most industries, the product or service can be standardized to improve efficiency and quality. In health care, every person is chemically, structurally, and emotionally unique. What works for one person may or may not work for another. In this environment, it is difficult to standardize and personalize care in parallel.

6. Choosing the customer - In most other industries, you can chose with whom you do business. Not so in health care. If you have an emergency department, you must provide treatment even if the customer has no means to pay.

7. Compliance - Data flows in healthcare in increasingly regulated. What other business, including the IRS, is required to produce, on-demand, a three year look back of everyone who accessed your information within their firm.

As I noted in my recent post about the Burden of Compliance "the more complex a health system becomes, the more difficult it becomes to find any system design that has a higher fitness."

We are successfully automating healthcare workflows, motivated by HITECH incentives and the requirements of healthcare reform. The 7 characteristics above have required vendors to create full featured software applications and organizations to create complex rollout/funding models that take time. By 2015 we will be there and I will be proud of all we've accomplished, given that the constraints on the healthcare industry are truly different than industries which have been earlier adopters of technology.

Tuesday, August 9, 2011

My wife and her business partner have tried for weeks to get a large telecom provider to reactivate an existing DSL connection to their art gallery. However, they will not do it per an official letter which states that my wife has an outstanding balance of ZERO and until that balance is paid, no further work can be done.

As Joseph Heller would have written - you do not have an account and you owe nothing. Until you pay us nothing on an account you do not have, we cannot give you an account.

Numerous phone calls to the telecom's service centers have been answered by people who will not give their full names or contact information.

No one seems empowered to solve the problem, there is no accountability, and no possible escalation.

How can a company with such great technology have such onerous customer service? I'm a CIO so I understand the challenges of running a large organization. I accept variability in individual employee behavior. What I cannot tolerate is weeks of effort across many employees that demonstrates this telecom provider has lost control of its own business processes.

Here's my wife's account of the struggle thus far.

"We would simply like to contract for internet and phone in a commercial building. We are a registered LLC with a 4 year lease, in the second year of operations with this landlord.

Business partner Natacha Sochat is so frustrated that we will need to start reviewing our alternative options. We have been operating our business without phone and internet since May 3 and need to start service as soon as possible.

On May 1, 2011, we relocated to a larger space at 450 Harrison Ave #61, Boston MA 02118 (current lease runs to November 2014). The landlord/property manager is the same in both locations - GTI Properties.

The 450 Harrison building space #61 has preexisting writing, so we wish to purchase your phone and internet service.

On May 3, 2011, Natacha initiated contact. Your business services informed Natacha they would not proceed with our application until we updated the lease to prove we were a real business in the 450 Harrison #61 location.

On May 20, we obtained a finalized signed lease from the landlord. The lease includes our personal names, Kathy Halamka and Natacha Sochat, as this is the standard policy of the landlord, consistent with our prior lease in the 460 Harrison building.

On May 23, Natacha devoted the entire day to resolving this issue. Natacha visited your website and spoke with Laura. She was helpful and pleasant, but could not navigate your internal business operations.

Natacha called the your Credit Center twice while Laura was on the phone with her.

Four hours later, Natacha received a "denial of lease" fax.

Natacha again called your Credit Center and spoke with a heavily accented woman. The representative said she had no idea why the application was denied but told Natacha it may be because the lease refers to people rather than a corporation as the tenant.

Laura had no insight as why NK Gallery had been tormented, as no one else that day had been required to call your Credit Center, and when Laura called her fellow employees at the Credit Center they would not explain it to her either!

Laura advised Natacha to speak with a supervisor at your Credit Center. Natacha spoke with a supervisor and he would only tell Natacha his first name, Travis. He refused to provide any further contact information. He was very challenging to understand and requested many additional documents. (IRS, Fed ID documents etc). Natacha asked him to send her an email with a list of the documents he needed. She asked him if she could respond via e-mail instead of fax. He said no - the Credit Center cannot print anything, so fax is required.

You then sent a letter refusing to offer services until we paid a ZERO balance on the account that had not yet been created."

So there you have it. We tried desperately to give this telecom the business, but they refused.

As a test, I used my role as CIO and a major purchaser of services to escalate this Catch 22 situation and instantly received numerous offers of help from the telecom's Director and VP level. I chose not to pursue those offers and the gallery purchased services from a competitor. A CIO with a multi-million dollar budget should not be required to get simple DSL service!

There's a point at which companies get too big and lose touch with their customers. This particular telecom is a case study in broken business processes.

The upgrade for me required a major decision - Harvard Medical School and Beth Israel Deaconess Medical Center have used PGP Whole Disk Encryption (PGP WDE) to support Massachusetts mobile device data encryption regulations and Federal best practices. PGP WDE does not work with Lion. Although PGP has been a great product, it has had issues with Mac OSX upgrades in the past.

Lion now includes native whole disk encryption, FileVault2 as part of the operating system.

I could have decrypted my existing drive and removed PGP WDE (not easy), a process that would have taken hours.

Instead, I simply backed up my files (my digital life is so cloud-based that I keep just a few hundred megabytes of personal files on my laptop), repartitioned and formatted the hard drive, did a fresh install of Snow Leopard, then installed the Lion upgrade.

Apple has chosen to make Lion a $29.99 download from the App Store rather than providing a DVD, so there is no easy way to directly install Lion on a blank hard drive at present - making the Snow Leopard reinstall/download Lion the easiest installation path.

Of interest, the $29.99 download license covers all the Macs in your household. Since each member of my family has a Mac laptop, that's a real deal.

The installation went flawlessly. As soon as it was done, I turned on FileVault and my entire disk was encrypted in the background in about 2 hours. I also turned on the host-based firewall.

I configured Mail/iCal/Addressbook and my entire historical data set synched with BIDMC's exchange servers in about 30 minutes.

The only applications I use other than those which are native to MacOSX are Keynote, Pages, and Numbers - the Office Suite from Apple that is bundled as iWork '09. I installed those applications and the end result was a complete new, fresh Macbook Air with Lion, iWork, my personal files, and a local copy of my email.

The new user interface includes many iOS gesture features and it appears that Apple is converging MacOSX and iOS to make it easy to for customers to use any Apple product without significant retraining.

The major gestural change is that the Macbook trackpad now works just like an iPad. You can zoom/shrink with a pinching movement and scrolling is reversed from previous OSX versions. If you move two fingers up, you push the document up and you see the content that had been offscreen.

Mail/iCal/Addressbook have been significantly upgraded and they are now superior to Outlook in appearance, usability, and functionality. In its standard configuration, Mail works just like gmail and maintains threaded conversations rather than just individual email messages.

In summary, I've now retired PGP Whole Disk Encryption, and use no other software in my digital life other than Mac OSX Lion and iWork '09. All appears fast, stable and secure thus far.

It will take time for IT organizations (including mine) to train internal staff sufficiently to support Lion, but for those early adopters who have the confidence to install and manage Lion for themselves, the experience seems entirely positive.

Friday, August 5, 2011

CIOs are responsible for achieving at least 99.9% uptime and that implies high reliability engineering of every component. In planning for disaster recovery, we tend focus on power, storage, servers, networks, and desktops. However if cooling fails, no amount of redundant engineering will save the day.

BIDMC's primary data center uses glycol coolers (installed before we took possession of the building) to maintain a constant room temperature. We were concerned that the piping which carries the glycol to/from the roof top dry coolers and the computer room air conditioning units may have deteriorated over time and might pose a risk of joint rupture. Ty Dell, our data center facilities engineer, arranged to have the pipes inspected via ultrasound imaging to assess pipe and joint thickness. They passed all inspections.

Here's the report which provides us with reassurance that we have low risk for failure in our cooling system plumbing.

Thursday, August 4, 2011

In my blogs of the past two weeks, I've included many references to the people, places, and experiences I had while traveling in Japan speaking about the need to implement healthcare IT to support earthquake/tsunami response, hospital rebuilding, and the healthcare needs of the aging Japanese society.

Here are few personal observations about the country and its people in the aftermath of 3/11 (the Japanese term for the events that took place on Friday, March 11, 2011)

Impact on electric power
The area served by TEPCO does remain significantly affected by the reduction in power availability due to nuclear plant shutdown . Currently Tokyo has voluntarily reduced power consumption by 30% by limiting cooling, public lighting, and private consumption. West of Tokyo in Kyoto and Hiroshima, I did not experience any specific power reduction measures. When I talked to people in the Kansai and Chugoku regions about their post earthquake experiences, they noted that power savings of 15% is requested in the Kansai region for large institutions such as Kyoto University. It is not mandated as in Tokyo, but folks in Kyoto feel psychologically compelled to save power.

Impact on tourism
In Hiroshima, we stayed on Miyajima (a small sacred island off the coast) at the Yamaichi Bekkan run by a wonderful woman named Shinko Yamamatsu and her son Teppei. She noted her ryokan experienced a significant number of cancellations by foreign tourists who fear that Japan is unsafe or unstable following the earthquake. My experiences in Kyoto, and Hiroshima were flawless - safe food, completely functional infrastructure, and a very welcoming people. I highly recommend that foreign tourists proceed with any Japanese travel plans to Kyoto and Hiroshima. During this trip, I enjoyed freshly prepared meals at all my favorite vegetarian restaurants in Kyoto including Okutan, Fujino, and Kiko. On Miyajima, all our extraordinary meals were prepared by Shinko and her staff.

Impact on Electronic Health Record acceleration
Currently, the use of information technology for medical care is getting attention in Japan. The Japanese Kantei created a task force on healthcare IT in August 2010 and the May 2011 task force report advocates acceleration of electronic health records and personal health records, including a concept called My Virtual Hospital. Here's an English translation of the current thinking. In addition to the policy recommendations that I proposed in my paper and lectures during this trip, I will work with US and Japanese experts on a privacy whitepaper to outline a path forward for secure internet-based healthcare information exchange in Japan that takes into account existing Japanese privacy regulations. There are three kinds of regulations concerning medical record privacy protection in Japan. The first is a series of laws which stipulate confidentiality of specific occupations related to medical services such as physicians. The second is the Act concerning Protection of Personal Information approved in 2003, which more generally regulates privacy protection including medical records. The third is the Guideline of Privacy Protection for Medical and Nursing Care Services, which is not legally binding but backs up the other two types of laws comprehensively in the medical and nursing care sector.

Impact on future policy planning
On August 6, 1945, the United States dropped an atomic weapon on Hiroshima. Hiroshima hosts annual meetings in August to reflect on the policy impacts of nuclear weapons, nuclear power and health. This year, the focus was the aftermath of the Fukushima events and the need to reconsider dependence on nuclear power.

Japan is my second home and I have deep affection for its people, culture and geography. Recovery is proceeding rapidly and I recommend we do all we can to help by visiting Japan, contributing our expertise and volunteering our time.

"Experimental computer modeling has shown that as the number of dependencies increases in a system, the height of the local optimums [of organizational fitness] in a landscape lowers. In other words, the more dependencies there are in a system, the more likely they will be in conflict (through competing demands), flattening the landscape and diminishing the potential for improving system fitness. Thus the more complex a health system becomes, the more difficult it becomes to find any system design that has a higher fitness."

As we draft new regulations that impact healthcare IT organizations, we need to keep in mind that every regulation has a cost in dollars, time, and complexity.

Many people have spoken to me about the burden created by the Accounting of Disclosures NPRM, highlighting three major challenges it creates - an implementation burden that goes beyond the intent of HITECH, an inadequate impact analysis especially on small entities, and administrative overhead that is incompatible with impending budget cuts from the recent debt ceiling compromise plan.

The wording in the proposed rule which summarizes its intent is

"These two rights, to an accounting of disclosures and to an access report, would be distinct but complementary. The right to an access report would provide information on who has accessed electronic protected health information in a designated record set (including access for purposes of treatment, payment, and health care operations), while the right to an accounting would provide additional information about the disclosure of designated record set information (whether hard-copy or electronic) to persons outside the covered entity and its business associates for certain purposes (e.g., law enforcement, judicial hearings, public health investigations). The intent of the access report is to allow individuals to learn if specific persons have accessed their electronic designated record set information (it will not provide information about the purposes of the person's access). In contrast, the intent of the accounting of disclosures is to provide more detailed information (a 'full accounting') for certain disclosures that are most likely to impact the individual."

Here's a commentary based on the feedback I've received.

Challenge 1 – Scope beyond the intent of the HITECH Act

Protecting privacy is essential to building patient trust in electronic health records and health information exchanges.

To me, the intent of HITECH is to offer patient access upon request to EHR audit trails and HIE audit trails. However, the proposed rule goes beyond that, creating the concept of a "designated record set" and "disclosure logs" while exempting HIE transactions. It's too much and too little at the same time.

The Designated Record Set (DRS) is a super-set of information that includes the Electronic Health Record as well as data housed in many other systems including billing, quality, research, and operational data bases. It includes data shared with business associates such as small entities which provide specialty billing, transcription, and other services. By characterizing the accounting requirements around the more broadly defined DRS, the burden of compliance has been greatly increased, requiring new technologies to aggregate audit logs from a broad array of software applications.

Disclosures are broadly defined as the release of patient information to other entities. This means that every access to the Designated Record Set by physicians, nurses, allied health, lab, billing, accountants, auditors, legal staff, and numerous other "business associates" which are involved with a patient episode of care within the covered entity must be logged, aggregated, and reported to patients on-demand.

Business Associates are extensions of a health care provider, plan or clearinghouse’s workforce. An example is a business hired by a physician practice to bill and collect medical fees. Another example is an independent contractor who provides coding or transcription services. Business Associates provide a wide variety of services. Some may access content of the Designated Record Set as a direct consequence of their role such as a transcriptionist. Some may access DRS content as an incidental part of their role, such as a software vendor performing troubleshooting on a data base. Under the proposed rule, each of these must be logged and included in the disclosure accounting.

By requiring providers to create disclosure logs on designated record sets including business associate access, I believe HHS has gone beyond the intent of HITECH.

Challenge 2 – Inadequate Regulatory Analysis

In describing the regulatory impact, HHS under-stated the expense burden that the proposed rule will impose.

On page 31442 of the May 31, 2011 Federal Register, the proposed rule notes “We estimate the effects of the requirement for covered entities (including indirect costs incurred by third party administrators, which frequently send out notices on behalf of health plans) to issue new notices of privacy practices, would result in new total costs of $20.2 million.”

The accompanying commentary suggests most of the information needed is already available for disclosure logging. This suggests a lack of knowledge of current state of healthcare information systems.

HHS notes costs will be limited because the number of requests for disclosure accounting will be few. However, it's not the number of requests that will drive the cost, but the preparation needed to meet a request whether there is one or one thousand.

In the Federal Register, HHS suggests there are 673,324 entities that will be impacted by these regulations. This is another understatement as it only includes providers, insurance carriers, and third party administrators. To this count, must be added the hundreds of thousands, perhaps millions of businesses and independent contractors who do commerce with a one of the 673,324 and receive protected health information under a Business Associates Agreement.

Without counting Business Associates, this works out to $30 per entity, an absurdly low figure.

With Business Associates included, the proposed rule will impact more than a million entities. Every business and independent contractor that provides transcription, billing, computer repair, auditing, or other service to a health care provider, plan or clearinghouse will be affected. A high percentage of these are small businesses.

The cost of modifying or upgrading just one software application and educating a two person staff would easily exceed $5,000 in first year implementation cost. Many organizations face modifications to dozens of systems, educating thousands of employees, and modifying hundreds of Business Associates Agreements.

Even if only 500,000 firms are affected, at $5,000 each the total cost to implement the proposed rule would be $2.5 billion. A more realistic estimate is in excess of $10 billion.

Challenge 3 – Incompatibility with the Federal debt challenge

The debate on the debt ceiling over the past two weeks included a discussion of reductions in payments to providers and hospitals. Yet, as currently proposed, the rule adds billions in additional costs.

A 1999 study comparing Canadian and U.S. health care costs showed administrative overhead consumed 31 percent of the U.S. health care dollar. In Canada, administrative overhead accounted for only 16.7 percent of their health care costs, nearly half what we require in the U.S. We cannot add more administrative overhead and hope to reduce Medicare cost without affecting access or quality of care.

The healthcare industry has often been criticized for inefficiencies. What other industry, including the Federal government is asked to produce an accounting, on demand, of everyone who touches data for any reason? It does not occur in banking, brokerage firms, or credit card processors. It doesn’t even occur with the Internal Revenue Service.

To impose such demanding requirements on the healthcare industry at a time when administrative cost reduction is a top priority seems counter intuitive.

In summary:

The rule should be revised to limit scope to that which is needed to support the spirit of HITECH.

The rule should not be implemented until a realistic regulatory impact analysis can be completed.

The healthcare industry will undergo an upheaval as it contends with healthcare reform and reimbursement decreases. It does not make sense to impose significant regulatory burden while constraining supply (Medicare funding) and maintaining all Medicare benefits such that demand will continue to rise.

I look forward to reading the HHS analysis of comments and hope the final rule supports enough auditing to foster patient trust, while realistically constraining the burden on implementers.

Tuesday, August 2, 2011

I've written previously about those times in my career when alignment of leadership and resources led to major achievements. High performing teams are a pre-requisite to such achievement and here are a few characteristics of high performing teams I have worked with:

Competence
Domain expertise and an ability to execute assigned tasks are key to ensuring vision is turned into successful implementation. My experience is that "A" players hire "A" players and "B" players hire "C" players. This means that highly competent people surround themselves with skilled people because they do not feel intimated by having subordinates or colleagues who are smarter, more talented, or more successful. No member of a team can do everything, so having a group of smart people working together creates a sum greater than the parts. On the other hand, incompetent people tend to hire even less competent people to shore up their own egos and self image. Leaders need to be very careful when retaining marginally performing teams, because incompetent people hiring less competent people can get the organization in trouble very quickly.

Trust
As a rock climber, I know that my life depends upon the skill and decision making of my climbing partner. No matter how good I am, a mistake by my partner could kill both of us. Every day I think about my teams and ask if I would trust them to hold my rope. A high performing team requires a level of trust and confidence that fosters a joy of collective achievement rather than fear of individual failure. Creating an environment of trust has worked for me as a parent and is an essential part of a optimized team.

Communication
I realize that carrying mobile devices creates the burden of being connected 24 hours a day. I do not inflict my own work schedule on any of my teams (my last true day off was in the summer of 1984). However, creating a level of communication among team members that enables rapid escalation and resolution of issues is essential to high performance. Teams should respect the need for time away but arrange coverage such that email, instant messaging, paging, phone calls, and web-based collaboration can be initiated at a moment's notice for resolution of complex issues that are often precipitated by circumstances beyond the control of the team. Teams should create a level of transparency that keeps all members informed of current priorities, strategies, and challenges using blogs, wikis, and meetings (to the extent necessary). Great communication reduces friction, enhances decision making, and reduces unnecessary work.

Loyalty
Highly functional team members are always there for each other. No matter what happens, they do not throw their colleagues under the bus. They give an early heads up when projects or staff members are in trouble. They accelerate decision making by contributing positively to consensus building. They respect hierarchical boundaries, escalating problems by collaborating with team leaders and managers. The result is a team that is deeply loyal to its members rather than focused on highlighting the success of any one individual.

The Greater Good
In my trip to Japan, I discussed priority setting in the Japanese bureaucracy. At times it appears that ministries set priorities based on sustaining their own power and authority. Bureaus within ministries can set priorities in silos. Rarely is the greater good for the country the driving force that unifies budgeting at every level. Highly functional teams think about the overall goals of the organization and craft their plans around those activities which will create the greatest good for the greatest number. There is not siloed thinking about resources, budgets, or achieving individual goals at the expense of team of goals.

High performing teams are hard to create and sustain, but when they happen, they are to be treasured. There is nothing I will not do for my high performing teams.

Monday, August 1, 2011

My travels in Japan included lectures in Tokyo and Kyoto, sharing lessons learned from the US health information technology national efforts. I highlighted that the Office of the National Coordinator has to balance the desire for innovation with a pace of change that vendors and clinicians can tolerate.

This led me to think about the pace of change that CIOs are experiencing right now. The IT innovations of the past few years have been dizzying and the cycle between the peak of hype to the trough of obsolescence is now measured in months, not years.

Some examples of rise and fall

1. Blackberry - I was one of the earliest adopters of Blackberry technology, using a small pager-like device for short text messages. As each new model was announced, I welcomed the innovations - the evolution from thumbwheel to joystick to track pad, larger color screens, cameras, video features, and voice memo recording. However, in 2011, my mobile device needs have outpaced Blackberry's engineering. I now need a full featured web browser, a book reader, the ability to zoom/drag via touch screen, and a robust App Store. Until 2010, Blackberry seemed to be unstoppable in the corporate messaging world. Now it is laying of 2500 people as the iPhone and Android devices rapidly replace Blackberries in consumer and business settings. They tried very hard to introduce new devices such as the Storm, the Playbook, and the Torch, but came up short as customer expectations exceed their pace of innovation.

2. MySpace - Remember when personalized portals were hot? At its height, social networking company MySpace had 1500 employees. It was purchased in 2005 by Rupert Murdock for $580 million. It was recently sold for $35 million. At this point, MySpace does not appear on lists of popular social networking destinations. Given that the value of most websites is based on usage and thus potential for selling advertising, shifts in the market can occur almost instantly. Who knows, in a year or two surfing to today's popular sites such as twitter.com may yield the error "URL not found"

3. Google Health - Google is a great company and I have no doubt that it will continue to succeed. Google+ is a wonderful social networking site that is likely to steal some of Facebook's market share. However, like most technology companies, Google now has to deal with the mire of maintenance that comes with a mature set of highly used applications. More resources are spent on operations and less are available for pure innovation. Smaller, more nimble companies are likely to outpace Google and will either be acquired by Google or erode Google's leadership position. Many of my friends and colleagues who joined Google a few years ago (when it was considered unstoppable) have now left Google as the company has matured and its culture has changed. The closing of Google Health is just one symptom of the changes in focus that occur when a company is faced with the maintenance and regulatory burdens of maturing products.

4. Microsoft Windows - In 1995, I remember standing in line at midnight in a Torrance, California electronics store to buy one of the first copies of Windows 95. My early Dell computer (a 386 processor) ran DOS and Windows 3.1, so Windows 95/Office 95 was a remarkable innovation. It was stable and easy to use. Windows 98 Second Edition included built in internet features and was remarkably fast and reliable. Thereafter, Microsoft has introduced new features, but not achieved the same kind of game changing innovation that occurred 1995-2000. How many people stood in line at midnight to buy Microsoft Vista? How eagerly anticipated was Windows 7? How many people brag about their Windows Phone or Windows mobile device? The market share numbers tell the story - as of 2011, the majority of Windows computers in the world still run XP. Microsoft is a great investment - its stock price is low and its product line is very broad. It's Kinect device was the top selling consumer electronics product over the past year. However, the burden of maintaining compatibility with an operating system developed for the IBM XT era has led Microsoft to lose its edge in a cloud-based, mobile centric world.

5. Cisco - The CareGroup network outage of 2002 taught me many lessons about network architecture. In response, we installed an updated end to end Cisco infrastructure, embraced Cisco technical services, and worked closely with Cisco salespeople to plan the lifecycle of the network. Since then, the purchase and maintenance costs of end to end Cisco networks have outpaced Cisco innovation and other companies such as Juniper and HP offer better value on some components. Cisco is laying off 20,000, closing entire businesses such as the Flip camera (a wonderful technology company that Cisco acquired in 2009 for 500 million dollars, then shut down in 2011) and is rethinking its entire consumer product strategy. By becoming a sprawling company and attempting to maintain very high margins, Cisco lost control of its core business. Its competitors are more agile and cost effective.

The general theme is that it's very hard for CIOs to skate where the puck will be when last year's shrewd investment becomes this year's white elephant. A side effect of this accelerating market change is that customer expectations for constant innovation are higher than ever. The CIO gets credit for change, but does not receive kudos for impeccable stability, reliability and security of the existing infrastructure and application stack.

While I was in Japan I had lunch with a leading Japanese business thinker, Professor Ikujiro Nonaka. He told me "If you are doing business as usual, you are falling behind."

Put another way, no matter how good your daily operations, customers in 2011 measure your performance based on the pace of change.

Later this month, I'll take a few of my senior staff to dinner so we can reflect on this challenge. How can we deliver infrastructure and applications services at an accelerating pace of change for reasonable cost while maintaining staff morale, quality, and compliance with escalating regulatory complexity? I'll let you know what we decide.